In recent years, a paradigm shift has occurred regarding the way organizations view risk management. Instead of looking at risk management from a silo-based perspective, the trend is to take a holistic view of risk management. This holistic approach toward managing an organization's risk is...

This study measures the economic consequences of information security activities, in general, and more specifically the market value of disclosures of information security activities. Since information security activities are primarily non-revenue generating, management tends to view them as the...

This paper empirically examines the impact of the Sarbanes-Oxley Act (SOX) of 2002 on the voluntary disclosure of information security activities by corporations. The empirical evidence provided clearly indicates that SOX is having a positive impact on such disclosure. These findings provide...

This dissertation includes two essays on the economic aspects of information security. The first essay presents a principal-agent model for assessing the value of information security audits. The issue of information security investments is confounded by control problems arising from asymmetric...

The primary objective of this article is to develop an economics-based analytical framework for assessing the impact of government incentives/regulations designed to offset the tendency to under-invest in cybersecurity related activities by private sector firms. The analysis provided in the...